tao-test/app/taoLtiBasicOutcome/includes/ims-blti/OAuthBody.php

156 lines
4.6 KiB
PHP
Raw Permalink Normal View History

2022-08-29 20:14:13 +02:00
<?php
require_once("OAuth.php");
require_once("TrivialOAuthDataStore.php");
function getLastOAuthBodyBaseString()
{
global $LastOAuthBodyBaseString;
return $LastOAuthBodyBaseString;
}
function getOAuthKeyFromHeaders()
{
$request_headers = OAuthUtil::get_headers();
// print_r($request_headers);
if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
$header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
// echo("HEADER PARMS=\n");
// print_r($header_parameters);
return $header_parameters['oauth_consumer_key'];
}
return false;
}
function handleOAuthBodyPOST($oauth_consumer_key, $oauth_consumer_secret)
{
$request_headers = OAuthUtil::get_headers();
// print_r($request_headers);
// Must reject application/x-www-form-urlencoded
$hdr = $request_headers['Content-type'];
if (!isset($hdr)) {
$hdr = $request_headers['Content-Type'];
}
if ($hdr == 'application/x-www-form-urlencoded') {
throw new Exception("OAuth request body signing must not use application/x-www-form-urlencoded");
}
if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
$header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
// echo("HEADER PARMS=\n");
// print_r($header_parameters);
$oauth_body_hash = $header_parameters['oauth_body_hash'];
// echo("OBH=".$oauth_body_hash."\n");
}
if (! isset($oauth_body_hash)) {
throw new Exception("OAuth request body signing requires oauth_body_hash body");
}
// Verify the message signature
$store = new TrivialOAuthDataStore();
$store->add_consumer($oauth_consumer_key, $oauth_consumer_secret);
$server = new OAuthServer($store);
$method = new OAuthSignatureMethod_HMAC_SHA1();
$server->add_signature_method($method);
$request = OAuthRequest::from_request();
global $LastOAuthBodyBaseString;
$LastOAuthBodyBaseString = $request->get_signature_base_string();
// echo($LastOAuthBodyBaseString."\n");
try {
$server->verify_request($request);
} catch (Exception $e) {
$message = $e->getMessage();
throw new Exception("OAuth signature failed: " . $message);
}
$postdata = file_get_contents('php://input');
// echo($postdata);
$hash = base64_encode(sha1($postdata, true));
if ($hash != $oauth_body_hash) {
throw new Exception("OAuth oauth_body_hash mismatch");
}
return $postdata;
}
function sendOAuthBodyPOST($method, $endpoint, $oauth_consumer_key, $oauth_consumer_secret, $content_type, $body)
{
$hash = base64_encode(sha1($body, true));
$parms = ['oauth_body_hash' => $hash];
$test_token = '';
$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
$test_consumer = new OAuthConsumer($oauth_consumer_key, $oauth_consumer_secret, null);
$acc_req = OAuthRequest::from_consumer_and_token($test_consumer, $test_token, $method, $endpoint, $parms);
$acc_req->sign_request($hmac_method, $test_consumer, $test_token);
// Pass this back up "out of band" for debugging
global $LastOAuthBodyBaseString;
$LastOAuthBodyBaseString = $acc_req->get_signature_base_string();
// echo($LastOAuthBodyBaseString."\m");
$header = $acc_req->to_header();
$header = $header . "\r\nContent-type: " . $content_type . "\r\n";
$params = ['http' => [
'method' => 'POST',
'content' => $body,
'header' => $header
]];
try {
$ctx = stream_context_create($params);
$fp = @fopen($endpoint, 'rb', false, $ctx);
} catch (Exception $e) {
$fp = false;
}
if ($fp) {
$response = @stream_get_contents($fp);
} else { // Try CURL
$headers = explode("\r\n", $header);
$response = sendXmlOverPost($endpoint, $body, $headers);
}
if ($response === false) {
throw new Exception("Problem reading data from $endpoint, $php_errormsg");
}
return $response;
}
function sendXmlOverPost($url, $xml, $header)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
// For xml, change the content-type.
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // ask for results to be returned
/*
if(CurlHelper::checkHttpsURL($url)) {
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
}
*/
// Send to remote and return data to caller.
$result = curl_exec($ch);
curl_close($ch);
return $result;
}